package com.yige.web.action

import com.mongodb.DBObject
import com.yige.common.MD5Util
import com.yige.common.SystemConstant
import com.yige.service.mongoService.MongoResourceService
import com.yige.service.mongoService.MongoRoleService
import com.yige.service.mongoService.MongoUserService
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.ResponseBody

import javax.servlet.http.HttpSession

/**
 * Created by sunhao on 2016/3/31 0031.
 */
@Controller
@RequestMapping("appUser")
class AppUserAction {

    @Autowired
    MongoUserService userService
    @Autowired
    MongoRoleService roleService
    @Autowired
    MongoResourceService resourceService

    /*************控制器模块************/

    /**
     * 用户登录
     * @param username
     * @param password
     * @param httpSession
     * @return
     */
    @RequestMapping("login")
    @ResponseBody
    def login(String username, String password, HttpSession httpSession) {
        // 校验用户名和密码
        Map<String, Object> map = checkUser(username, password)
        int flag = Integer.valueOf(map.get("flag").toString())
        if (flag == SystemConstant.SUCCESS) {
            // 登录成功
            // 将登录信息存入session,将用户权限资源存入model
            DBObject user = (DBObject) map.get("user")
            httpSession.setAttribute("user", user)
            return [result: true, user: user]
        } else {
            def msg = "登录失败"
            // 登录失败
            if (flag == SystemConstant.USER_NAME_ERROR) {
                msg = "用户名错误"
            }
            if (flag == SystemConstant.PASSWORD_ERROR) {
                msg = "密码错误"
            }
            return [result: false, msg: msg]
        }
    }

    /**
     * 用户登出
     * @param session
     * @return
     */
    @RequestMapping("logout")
    @ResponseBody
    def logout(HttpSession session) {
        //注销session
        session.invalidate();
        return [result: true];
    }

    @RequestMapping("updatePwd")
    @ResponseBody
    def updatePwd(HttpSession session, String lastPwd, String newPwd) {
        DBObject user = (DBObject) session.getAttribute("user")
        boolean flag = userService.updatePwd(user, lastPwd, newPwd)
        return [result: flag]
    }

    /*****************方法模块*****************/

    /**
     * 检查用户名和密码
     * @param username
     * @param password
     * @return
     */
    def checkUser(String username, String password) {
        if (username == null)
            throw new RuntimeException("用户名不能为空.")
        if (password == null)
            throw new RuntimeException("密码不能为空.")
        Map<String, Object> map = new HashMap<String, Object>()

        // 校验用户名是否正确
        DBObject user_db = userService.findUserByName(username)
        if (user_db == null) {
            // 用户名不存在
            map.put("flag", SystemConstant.USER_NAME_ERROR)
            return map
        }
        if (user_db.status == SystemConstant.USER_OFF_JOB) {
            //用户被禁止
            map.put("flag", SystemConstant.USER_STATUS_OFF)
            return map
        }

        // 需要对加密后的密码进行比较
        String md5Password = MD5Util.md5(password)
        if (!md5Password.equals(user_db.password)) {
            map.put("flag", SystemConstant.PASSWORD_ERROR)
            return map
        }

        // 校验成功
        map.put("flag", SystemConstant.SUCCESS)
        map.put("user", user_db)
        return map
    }
}
